P
US12368591B2ActiveUtilityPatentIndex 47

Blockchain enhanced identity access management system

Assignee: SAUDI ARABIAN OIL COPriority: Mar 9, 2022Filed: Mar 9, 2022Granted: Jul 22, 2025
Est. expiryMar 9, 2042(~15.7 yrs left)· nominal 20-yr term from priority
Inventors:ZIDEK MAREKBARAGABA MAZEN AALJUAID MUHAMMAD S
H04L 9/50H04L 9/3239H04L 9/3226H04L 9/3297
47
PatentIndex Score
0
Cited by
101
References
20
Claims

Abstract

Systems and methods include a computer-implemented method for verifying blockchain transaction. A request is received in a blockchain for a user to use an application. A three-blockchain cluster verification process is performed in response to receiving the request. Verification that the application is authorized is performed using a nodes blockchain cluster in the blockchain based on user-application data pre-verified by at least two administrators and stored in the nodes blockchain cluster. Verification that the user exists and is authorized is performed using a users/objects blockchain cluster in the blockchain different from the nodes blockchain cluster, where the verifying is based on the user-application data pre-verified by the at least two administrators and stored in the users/objects blockchain cluster. Verification that credentials for the user exist is performed using a passwords blockchain cluster in the blockchain different from the nodes blockchain cluster and the users/objects blockchain cluster, where the verifying is based on the user-application data pre-verified by the at least two administrators and stored in the passwords blockchain cluster. Access to the application is granted to the user in response to successfully completing the three-blockchain cluster verification process, including verification using the nodes blockchain cluster, the users/objects blockchain cluster, and the passwords blockchain cluster.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method, comprising:
 receiving, in a blockchain, a request for a user to use an application, the blockchain comprising a host validator module providing application firewall functionality, blocking unauthorized user devices from accessing the application; 
 performing, in response to receiving the request, a three-blockchain cluster verification process, comprising:
 verifying, using a nodes blockchain cluster in the blockchain, that the application is authorized, wherein the verifying is based on user-application data verified by at least two administrators and stored in the nodes blockchain cluster; 
 verifying, using an object blockchain cluster in the blockchain and different from the nodes blockchain cluster, that the user exists and is authorized, wherein the verifying is based on the user-application data verified by the at least two administrators and stored in the object blockchain cluster; and 
 validating, using a passwords blockchain cluster in the blockchain and different from the nodes blockchain cluster and the object blockchain cluster, over three different blockchain clusters, that credentials for the user exist, wherein the verifying is based on the user-application data verified by the at least two administrators and stored in the passwords blockchain cluster, each node of the nodes blockchain cluster comprising data defining which system is allowed to communicate with another system; and 
 
 granting, to the user, access to the application in response to successfully completing the three-blockchain cluster verification process, comprising verification using the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster. 
 
     
     
       2. The computer-implemented method of  claim 1 , further comprising:
 receiving user-application data for verification of the user and for verification of the application used by the user; 
 validating, using validation received from the at least two administrators, the user-application data; and 
 in response to validating the user-application data using validation received from the at least two administrators, generating, using the user-application data:
 at least one host record in the nodes blockchain cluster, 
 at least one identity record in the object blockchain cluster, and 
 at least one password record in the passwords blockchain cluster. 
 
 
     
     
       3. The computer-implemented method of  claim 2 , further comprising storing, on an identity server different from a web server, the at least one host record, the at least one identity record, and the at least one password record. 
     
     
       4. The computer-implemented method of  claim 1 , wherein a majority of cluster nodes of the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster reside in a corporate network. 
     
     
       5. The computer-implemented method of  claim 1 , wherein performing the three-blockchain cluster verification process comprises accessing a plurality of records in the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster. 
     
     
       6. The computer-implemented method of  claim 5 , wherein the plurality of records comprise n records, n+1 records, and n+2 records. 
     
     
       7. The computer-implemented method of  claim 5 , wherein the plurality of records are linked with block hashes. 
     
     
       8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
 receiving, in a blockchain, a request for a user to use an application, the blockchain comprising a host validator module providing application firewall functionality, blocking unauthorized user devices from accessing the application; 
 performing, in response to receiving the request, a three-blockchain cluster verification process, comprising:
 verifying, using a nodes blockchain cluster in the blockchain, that the application is authorized, wherein the verifying is based on user-application data verified by at least two administrators and stored in the nodes blockchain cluster; 
 verifying, using an object blockchain cluster in the blockchain and different from the nodes blockchain cluster, that the user exists and is authorized, wherein the verifying is based on the user-application data verified by the at least two administrators and stored in the object blockchain cluster; and 
 validating, using a passwords blockchain cluster in the blockchain and different from the nodes blockchain cluster and the object blockchain cluster, over three different blockchain clusters, that credentials for the user exist, wherein the verifying is based on the user-application data verified by the at least two administrators and stored in the passwords blockchain cluster, each node of the nodes blockchain cluster comprising data defining which system is allowed to communicate with another system; and 
 granting, to the user, access to the application in response to successfully completing the three-blockchain cluster verification process, comprising verification using the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster. 
 
 
     
     
       9. The non-transitory, computer-readable medium of  claim 8 , the operations further comprising:
 receiving user-application data for verification of the user and for verification of the application used by the user; 
 validating, using validation received from the at least two administrators, the user-application data; and 
 in response to validating the user-application data using validation received from the at least two administrators, generating, using the user-application data:
 at least one host record in the nodes blockchain cluster, 
 at least one identity record in the object blockchain cluster, and 
 at least one password record in the passwords blockchain cluster. 
 
 
     
     
       10. The non-transitory, computer-readable medium of  claim 9 , further comprising storing, on an identity server different from a web server, the at least one host record, the at least one identity record, and the at least one password record. 
     
     
       11. The non-transitory, computer-readable medium of  claim 8 , wherein a majority of cluster nodes of the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster reside in a corporate network. 
     
     
       12. The non-transitory, computer-readable medium of  claim 8 , wherein performing the three-blockchain cluster verification process comprises accessing a plurality of records in the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster. 
     
     
       13. The non-transitory, computer-readable medium of  claim 12 , wherein the plurality of records comprise n records, n+1 records, and n+2 records. 
     
     
       14. The non-transitory, computer-readable medium of  claim 12 , wherein the plurality of records are linked with block hashes. 
     
     
       15. A computer-implemented system, comprising:
 one or more processors; and 
 a non-transitory computer-readable storage medium coupled to the one or more processors and storing programming instructions for execution by the one or more processors, the programming instructions instructing the one or more processors to perform operations comprising:
 receiving, in a blockchain, a request for a user to use an application, the blockchain comprising a host validator module providing application firewall functionality, blocking unauthorized user devices from accessing the application; 
 performing, in response to receiving the request, a three-blockchain cluster verification process, comprising:
 verifying, using a nodes blockchain cluster in the blockchain, that the application is authorized, wherein the verifying is based on user-application data verified by at least two administrators and stored in the nodes blockchain cluster; 
 verifying, using an object blockchain cluster in the blockchain and different from the nodes blockchain cluster, that the user exists and is authorized, wherein the verifying is based on the user-application data verified by the at least two administrators and stored in the object blockchain cluster; and 
 validating, using a passwords blockchain cluster in the blockchain and different from the nodes blockchain cluster and the object blockchain cluster, over three different blockchain clusters, that credentials for the user exist, wherein the verifying is based on the user-application data verified by the at least two administrators and stored in the passwords blockchain cluster, each node of the nodes blockchain cluster comprising data defining which system is allowed to communicate with another system; and 
 
 granting, to the user, access to the application in response to successfully completing the three-blockchain cluster verification process, comprising verification using the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster. 
 
 
     
     
       16. The computer-implemented system of  claim 15 , the operations further comprising:
 receiving user-application data for verification of the user and for verification of the application used by the user; 
 validating, using validation received from the at least two administrators, the user-application data; and 
 in response to validating the user-application data using validation received from the at least two administrators, generating, using the user-application data:
 at least one host record in the nodes blockchain cluster, 
 at least one identity record in the object blockchain cluster, and 
 at least one password record in the passwords blockchain cluster. 
 
 
     
     
       17. The computer-implemented system of  claim 15 , wherein a majority of cluster nodes of the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster reside in a corporate network. 
     
     
       18. The computer-implemented system of  claim 15 , wherein performing the three-blockchain cluster verification process comprises accessing a plurality of records in the nodes blockchain cluster, the object blockchain cluster, and the passwords blockchain cluster. 
     
     
       19. The computer-implemented system of  claim 18 , wherein the plurality of records comprise n records, n+1 records, and n+2 records. 
     
     
       20. The computer-implemented system of  claim 18 , wherein the plurality of records are linked with block hashes.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.